为用户提供查询WAF日志的接口

GoEdgeLab
2021-01-20 16:46:19 +08:00
parent 78e0f404e5
commit ed1926d96a
2 changed files with 30 additions and 11 deletions


@@ -116,7 +116,7 @@ func (this *HTTPAccessLogDAO) CreateHTTPAccessLogsWithDAO(tx *dbs.Tx, daoWrapper
} }
// 读取往前的 单页访问日志 // 读取往前的 单页访问日志
func (this *HTTPAccessLogDAO) ListAccessLogs(tx *dbs.Tx, lastRequestId string, size int64, day string, serverId int64, reverse bool, hasError bool, firewallPolicyId int64, firewallRuleGroupId int64, firewallRuleSetId int64) (result []*HTTPAccessLog, nextLastRequestId string, hasMore bool, err error) { func (this *HTTPAccessLogDAO) ListAccessLogs(tx *dbs.Tx, lastRequestId string, size int64, day string, serverId int64, reverse bool, hasError bool, firewallPolicyId int64, firewallRuleGroupId int64, firewallRuleSetId int64, hasFirewallPolicy bool, userId int64) (result []*HTTPAccessLog, nextLastRequestId string, hasMore bool, err error) {
if len(day) != 8 { if len(day) != 8 {
return return
} }
@@ -126,22 +126,33 @@ func (this *HTTPAccessLogDAO) ListAccessLogs(tx *dbs.Tx, lastRequestId string, s
size = 1000 size = 1000
} }
result, nextLastRequestId, err = this.listAccessLogs(tx, lastRequestId, size, day, serverId, reverse, hasError, firewallPolicyId, firewallRuleGroupId, firewallRuleSetId) result, nextLastRequestId, err = this.listAccessLogs(tx, lastRequestId, size, day, serverId, reverse, hasError, firewallPolicyId, firewallRuleGroupId, firewallRuleSetId, hasFirewallPolicy, userId)
if err != nil || int64(len(result)) < size { if err != nil || int64(len(result)) < size {
return return
} }
moreResult, _, _ := this.listAccessLogs(tx, nextLastRequestId, 1, day, serverId, reverse, hasError, firewallPolicyId, firewallRuleGroupId, firewallRuleSetId) moreResult, _, _ := this.listAccessLogs(tx, nextLastRequestId, 1, day, serverId, reverse, hasError, firewallPolicyId, firewallRuleGroupId, firewallRuleSetId, hasFirewallPolicy, userId)
hasMore = len(moreResult) > 0 hasMore = len(moreResult) > 0
return return
} }
// 读取往前的单页访问日志 // 读取往前的单页访问日志
func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, size int64, day string, serverId int64, reverse bool, hasError bool, firewallPolicyId int64, firewallRuleGroupId int64, firewallRuleSetId int64) (result []*HTTPAccessLog, nextLastRequestId string, err error) { func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, size int64, day string, serverId int64, reverse bool, hasError bool, firewallPolicyId int64, firewallRuleGroupId int64, firewallRuleSetId int64, hasFirewallPolicy bool, userId int64) (result []*HTTPAccessLog, nextLastRequestId string, err error) {
if size <= 0 { if size <= 0 {
return nil, lastRequestId, nil return nil, lastRequestId, nil
} }
serverIds := []int64{}
if userId > 0 {
serverIds, err = SharedServerDAO.FindAllEnabledServerIdsWithUserId(tx, userId)
if err != nil {
return
}
if len(serverIds) == 0 {
return
}
}
accessLogLocker.RLock() accessLogLocker.RLock()
daoList := []*HTTPAccessLogDAOWrapper{} daoList := []*HTTPAccessLogDAOWrapper{}
for _, daoWrapper := range accessLogDAOMapping { for _, daoWrapper := range accessLogDAOMapping {
@@ -182,6 +193,9 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, s
// 条件 // 条件
if serverId > 0 { if serverId > 0 {
query.Attr("serverId", serverId) query.Attr("serverId", serverId)
} else if userId > 0 && len(serverIds) > 0 {
query.Attr("serverId", serverIds).
Reuse(false)
} }
if hasError { if hasError {
query.Where("status>=400") query.Where("status>=400")
@@ -195,6 +209,9 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, s
if firewallRuleSetId > 0 { if firewallRuleSetId > 0 {
query.Attr("firewallRuleSetId", firewallRuleSetId) query.Attr("firewallRuleSetId", firewallRuleSetId)
} }
if hasFirewallPolicy {
query.Where("firewallPolicyId>0")
}
// offset // offset
if len(lastRequestId) > 0 { if len(lastRequestId) > 0 {
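Review bot: In `listAccessLogs` the user scope is applied only in the `else if userId > 0 && len(serverIds) > 0` branch, so when both `serverId > 0` and `userId > 0` are passed the query filters on `serverId` alone and the loaded `serverIds` list is never consulted. The service caller in this commit does run `CheckUserServer` first, but any other caller of the DAO gets no tenant check on that path, so it would be safer to enforce membership here as sketched below. `FindAllEnabledServerIdsWithUserId` presumably returns only enabled servers, so confirm whether logs of a user's disabled servers must stay readable before adopting this. The body of `listAccessLogs` continues outside the visible hunks.

```go
serverIds := []int64{}
if userId > 0 {
	// … unchanged: load serverIds for userId, return early on error or empty list …

	// Enforce the user scope even when a specific serverId was requested.
	if serverId > 0 {
		owned := false
		for _, id := range serverIds {
			if id == serverId {
				owned = true
				break
			}
		}
		if !owned {
			return
		}
	}
}
```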


@@ -3,7 +3,6 @@ package services
import ( import (
"context" "context"
"github.com/TeaOSLab/EdgeAPI/internal/db/models" "github.com/TeaOSLab/EdgeAPI/internal/db/models"
"github.com/TeaOSLab/EdgeAPI/internal/errors"
rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils" rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
) )
@@ -47,17 +46,20 @@ func (this *HTTPAccessLogService) ListHTTPAccessLogs(ctx context.Context, req *p
// 检查服务ID // 检查服务ID
if userId > 0 { if userId > 0 {
if req.ServerId <= 0 { if req.UserId > 0 && userId != req.UserId {
return nil, errors.New("invalid serverId") return nil, this.PermissionError()
} }
err = models.SharedServerDAO.CheckUserServer(tx, userId, req.ServerId) // 这里不用担心serverId <= 0 的情况因为如果userId>0则只会查询当前用户下的服务不会产生安全问题
if err != nil { if req.ServerId > 0 {
return nil, err err = models.SharedServerDAO.CheckUserServer(tx, userId, req.ServerId)
if err != nil {
return nil, err
}
} }
} }
accessLogs, requestId, hasMore, err := models.SharedHTTPAccessLogDAO.ListAccessLogs(tx, req.RequestId, req.Size, req.Day, req.ServerId, req.Reverse, req.HasError, req.FirewallPolicyId, req.FirewallRuleGroupId, req.FirewallRuleSetId) accessLogs, requestId, hasMore, err := models.SharedHTTPAccessLogDAO.ListAccessLogs(tx, req.RequestId, req.Size, req.Day, req.ServerId, req.Reverse, req.HasError, req.FirewallPolicyId, req.FirewallRuleGroupId, req.FirewallRuleSetId, req.HasFirewallPolicy, req.UserId)
if err != nil { if err != nil {
return nil, err return nil, err
} }
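Review bot: The `ListAccessLogs` call at the end of this section is given `req.UserId` rather than the authenticated `userId`, so the per-user scoping that the new comment relies on only holds if the client filled that field in. When `userId > 0` and the request carries `UserId == 0` and `ServerId == 0`, both new checks are skipped and the DAO receives `userId == 0` with no `serverId`, which as far as these hunks show adds no server filter to the query. Unless code above the hunk already normalises the request (`ListHTTPAccessLogs` starts outside it), add `req.UserId = userId` inside the `if userId > 0` block after the mismatch check, or pass `userId` to `ListAccessLogs` directly. A test for a user-role caller with both fields left empty would pin the intended isolation.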